论坛徽章:: 0

电梯直达

1楼 [收藏(0)] [报告]

发表于 2015-10-22 15:29 |只看该作者 |倒序浏览

最近做一个Linux下的登录管理，用PAM做。
登录是控制住了，但是锁屏之后解锁却不走我的PAM，而走了 pam_unix.so
求大侠指导

ubuntu, pam, lightdm

文库|博客

170fangjun

白手起家

论坛徽章:: 0

2楼 [报告]

发表于 2015-10-22 15:45 |只看该作者

本帖最后由 170fangjun 于 2015-10-22 15:48 编辑

/* expected hook */
MY_PAM_EXTERN int pam_sm_setcred( pam_handle_t *pamh, int flags, int argc, const char **argv )
{
DPRINT(LOG_DEBUG, "进入pam_sm_setcred() flags:%d argc :%d ",flags,argc);
int nret = PAM_SUCCESS, *pret;
pret = &nret;
pam_get_data(pamh, "sample_setcred_return", (const void **)&pret);
return *pret;
//return PAM_AUTH_ERR;
}
MY_PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags,
int argc, const char **argv)
{
DPRINT(LOG_DEBUG, "进入pam_sm_chauthtok() flags:%d argc :%d ",flags,argc);
return PAM_SUCCESS;
}
MY_PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
DPRINT(LOG_DEBUG, "进入pam_sm_acct_mgmt() flags:%d argc :%d ",flags,argc);
return PAM_SUCCESS;
}
MY_PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh,int flags,int argc,const char **argv)
{
DPRINT(LOG_DEBUG, "进入pam_sm_open_session() flags:%d argc :%d ",flags,argc);
return PAM_SUCCESS;
}
MY_PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh,int flags,int argc,const char **argv)
{
DPRINT(LOG_DEBUG, "进入pam_sm_open_session() flags:%d argc :%d ",flags,argc);
return PAM_SUCCESS;
}
/* expected hook, this is where custom stuff happens */
MY_PAM_EXTERN int pam_sm_authenticate( pam_handle_t *pamh, int flags,int argc, const char **argv )
{
DPRINT(LOG_DEBUG, "进入pam_sm_authenticate() flags:%d argc :%d ",flags,argc);
int retval;
const char* pUsername = NULL;
const char *pPassword = NULL;
const char *prompt = NULL;
retval = pam_get_user(pamh, &pUsername, "sec管控帐号: ");
DPRINT(LOG_DEBUG, "获取管控帐号:%s",pUsername);
/// simplog.writeLog(SIMPLOG_DEBUG, "Welcome: %s", pUsername);
if (retval != PAM_SUCCESS)
{
pam_error(pamh, "获取sec管控帐号失败");
return retval;
}
retval = pam_get_authtok(pamh, PAM_AUTHTOK, &pPassword, prompt);
// retval = pam_get_authtok(pamh, PAM_OLDAUTHTOK, &pPassword, prompt); /////// ok !
// retval = pam_get_authtok_noverify(pamh, &pPassword, prompt);
if(retval != PAM_SUCCESS)
{
pam_info(pamh, "获取sec认证密码失败");
return retval;
}
char cmd[1024];
char errMsg[512];
sprintf(cmd, "export DISPLAY=:0.0;%s %s %s %s", "LoginAgent", H_ToKen, pUsername, pPassword);
memset(errMsg, 0, 512);
//pam_info(pamh, "cmd: %s", cmd);
if(0 != runLoginAgent(pamh, cmd, errMsg, 512))
{
pam_error(pamh, "sec 认证失败：%s", errMsg);
return PAM_AUTH_ERR; }
else
{
pam_info(pamh, "sec 认证: 成功！");
}
int *pret = (int *)malloc(sizeof(int));
*pret = PAM_SUCCESS;
pam_set_data(pamh, "sample_setcred_return", (void *)pret, sample_pam_free);
#endif
return PAM_SUCCESS; /// 允许登录
}

复制代码

实战分享：从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线！ | 新一代分布式关系型数据库RadonDB知多少？

170fangjun

白手起家

论坛徽章:: 0

3楼 [报告]

发表于 2015-10-22 15:47 |只看该作者

修改了 lightdm

auth sufficient mypam.so
account sufficient mypam.so

实战分享：从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线！ | 新一代分布式关系型数据库RadonDB知多少？

返回列表

Chinaunix › 论坛 › 程序设计 › Linux环境编程 › ubuntu解锁不走我的PAM

[Linux] ubuntu解锁不走我的PAM [复制链接]